
18-Year NGINX Flaw CVE-2026-42945 Enables Unauthenticated RCE
Security researcher depthfirst disclosed CVE-2026-42945, an 18-year-old heap overflow in NGINX’s rewrite module that enables unauthenticated RCE. It is rated CVSS 9.2 (critical).

Bitdefender researchers documented three consecutive FamousSparrow intrusions against an Azerbaijani oil and gas firm between December 2025 and February 2026.

Iran-linked MuddyWater targeted nine organizations globally in 2026, including a South Korean electronics firm, using legitimate vendor DLLs for sideloading.

CVE-2026-46300 Fragnesia is a third Linux kernel LPE enabling root access via page cache corruption with no race condition required.

Two unpatched Windows zero-days, YellowKey and GreenPlasma, were publicly dropped after researchers expressed dissatisfaction with Microsoft’s handling.

Nitrogen ransomware hit Foxconn’s North American factories, encrypting systems and stealing 8TB of files containing schematics from Apple, Intel, and

OpenLoop Health disclosed a January 2026 breach affecting 716,000 patients across two days, with a threat actor claiming the true

US prosecutors charged Owe Martin Andresen as alleged Dream Market operator after German police arrested him for laundering over $2M

Socket identified GemStuffer, a campaign abusing 150+ RubyGems packages to scrape UK government council portals and publish collected data as

InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare